diff --git a/lib/app-middleware.js b/lib/app-middleware.js
index 0110924f..8f932de9 100644
--- a/lib/app-middleware.js
+++ b/lib/app-middleware.js
@@ -40,10 +40,11 @@ module.exports = (app) => {
   app.use(flash())
   app.use(
     bodyParser.urlencoded({
-      extended: true
+      extended: true,
+      limit: '50mb'
     })
   )
-  app.use(bodyParser.json())
+  app.use(bodyParser.json({ limit: '50mb' }))
 
   // Custom app middleware
   //
diff --git a/lib/plugins/pluginEndpoints.js b/lib/plugins/pluginEndpoints.js
index eb05a1b3..afe302c6 100644
--- a/lib/plugins/pluginEndpoints.js
+++ b/lib/plugins/pluginEndpoints.js
@@ -1,4 +1,7 @@
 const { default: axios } = require('axios')
+const fs = require('fs')
+const os = require('os')
+const path = require('path')
 
 const config = require('../config')
 
@@ -7,11 +10,6 @@ module.exports = function (req, res) {
   const endpoint = req.body.endpoint
   const category = req.body.category
 
-  if (category === 'message') {
-    console.log(req.body.message)
-    return res.status(200).send('Message sent: ' + req.body.message)
-  }
-
   let pluginUrl = findPlugin(name, category)
 
   let prefix
@@ -106,6 +104,7 @@ module.exports = function (req, res) {
   function getRun (pluginUrl, data, category, res) {
     var pluginData
     var responseType
+    let cleanup = null
 
     switch (category) {
       case 'rendering': {
@@ -119,7 +118,9 @@ module.exports = function (req, res) {
         break
       }
       case 'submit': {
-        pluginData = data
+        const prepared = prepareSubmitPluginData(data)
+        pluginData = prepared.pluginData
+        cleanup = prepared.cleanup
         responseType = 'arraybuffer'
         break
       }
@@ -145,7 +146,77 @@ module.exports = function (req, res) {
     }).catch(error => {
       res.header('Content-Type', 'text/plain')
       return res.status(500).send(error)
+    }).finally(() => {
+      if (cleanup) {
+        cleanup()
+      }
+    })
+  }
+
+  function prepareSubmitPluginData (data) {
+    let parsedData = data
+
+    if (typeof parsedData === 'string') {
+      try {
+        parsedData = JSON.parse(parsedData)
+      } catch (error) {
+        return {
+          pluginData: data,
+          cleanup: null
+        }
+      }
+    }
+
+    const manifestFiles = parsedData && parsedData.manifest && Array.isArray(parsedData.manifest.files)
+      ? parsedData.manifest.files
+      : null
+
+    if (!manifestFiles) {
+      return {
+        pluginData: parsedData,
+        cleanup: null
+      }
+    }
+
+    const hasInlineContent = manifestFiles.some(file => typeof file.contentBase64 === 'string' && file.contentBase64.length > 0)
+
+    if (!hasInlineContent) {
+      return {
+        pluginData: parsedData,
+        cleanup: null
+      }
+    }
+
+    const tempDir = fs.mkdtempSync(path.join(os.tmpdir(), 'sbh-submit-plugin-'))
+    const preparedFiles = manifestFiles.map((file, index) => {
+      if (typeof file.contentBase64 === 'string' && file.contentBase64.length > 0) {
+        const safeFilename = path.basename(file.filename || `plugin_input_${index}`)
+        const localPath = path.join(tempDir, safeFilename)
+        fs.writeFileSync(localPath, Buffer.from(file.contentBase64, 'base64'))
+        return {
+          ...file,
+          url: localPath
+        }
+      }
+      return file
     })
+
+    return {
+      pluginData: {
+        ...parsedData,
+        manifest: {
+          ...parsedData.manifest,
+          files: preparedFiles
+        }
+      },
+      cleanup: () => {
+        try {
+          fs.rmSync(tempDir, { recursive: true, force: true })
+        } catch (error) {
+          // best effort cleanup
+        }
+      }
+    }
   }
 
   function getPublicDataFromURI (data) {